Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
13-4
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
Chapter 13 Distributing Administrative Tasks
Assigning User Roles
Some roles can access both the GUI and the CLI: Administrator, Operator, Guest, Technician, and
Read-Only Operator. Other roles can access the GUI only: Help Desk User, Email Administrator, Web
Administrator, Web Policy Administrator, URL Filtering Administrator (for web security), and custom
user.
Read-Only Operator. Other roles can access the GUI only: Help Desk User, Email Administrator, Web
Administrator, Web Policy Administrator, URL Filtering Administrator (for web security), and custom
user.
If you use an LDAP directory to authenticate users, you assign directory groups to user roles instead of
individual users. When you assign a directory group to a user role, each user in that group receives the
permissions defined for the user role. For more information, see
individual users. When you assign a directory group to a user role, each user in that group receives the
permissions defined for the user role. For more information, see
Before users can access quarantines, you must enable that access. See
and
.
Custom User Roles
The Security Management appliance allows users with Administration privileges to delegate
administration capabilities to custom roles. Custom roles provide more flexible control over your users’
access than the predefined user roles do.
administration capabilities to custom roles. Custom roles provide more flexible control over your users’
access than the predefined user roles do.
Users to whom you assign custom user roles can manage policies or access reports for a subset of
appliances, features, or end users. For example, you might allow a delegated administrator for web
services to manage policies for an organization’s branch office in a different country, where the
acceptable use policies might be different from those at the organization’s headquarters. You delegate
appliances, features, or end users. For example, you might allow a delegated administrator for web
services to manage policies for an organization’s branch office in a different country, where the
acceptable use policies might be different from those at the organization’s headquarters. You delegate
Help Desk User
User accounts with the Help Desk User role are restricted to:
•
Message Tracking
•
Managing messages in quarantines
Users with this role cannot access the rest of the system,
including the CLI. After you assign a user this role, you must
also configure quarantines to allow access by this user.
including the CLI. After you assign a user this role, you must
also configure quarantines to allow access by this user.
No/No
Custom Roles
User accounts that are assigned a custom user role can view and
configure only policies, features, or specific policy or feature
instances that have been specifically delegated to the role.
configure only policies, features, or specific policy or feature
instances that have been specifically delegated to the role.
You can create a new Custom Email User Role or a new Custom
Web User Role from the Add Local User page. However, you
must assign privileges to this Custom User Role before the role
can be used. To assign privileges, go to Management Appliance
> System Administration > User Roles and click the user name.
Web User Role from the Add Local User page. However, you
must assign privileges to this Custom User Role before the role
can be used. To assign privileges, go to Management Appliance
> System Administration > User Roles and click the user name.
Note
Users assigned to a Custom Email User Role cannot
access the CLI.
access the CLI.
For more information, see
.
No/No
Table 13-1
Descriptions of User Roles
User Role Name
Description
Web Reporting/
Scheduled
Reports
Capability
Scheduled
Reports
Capability